Bugtraq mailing list archives
Re: sshd1 allows unencrypted sessions regardless of server policy
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Tue, 14 Dec 1999 22:07:36 -0500
If we're going to be picking nits....
AFAIK... The passpharse-less host keys are encrypted with 3-DES and no password. They were, at one time, encrypted with IDEA with no password.
...neither IDEA nor triple-DES *can* encrypt with no "password" (by which I have to assume you mean what is normally, for a block cipher, called a "key"). Perhaps you mean "some non-secret key"[%], which is not the same thing as *no* key. (Of course, from a security point of view, if a non-secret key is used, it makes no difference which one it is.) [%] The one resulting from following the usual algorithms on a zero-length passphrase, perhaps...?
Like I said... Just a nit...
"What he said." der Mouse mouse () rodents montreal qc ca 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Re: sshd1 allows unencrypted sessions regardless of server policy der Mouse (Dec 14)
- <Possible follow-ups>
- Re: sshd1 allows unencrypted sessions regardless of server policy Markus Friedl (Dec 15)